How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


http://tools.ietf.org/html/

The Interior Gateway Routing Protocol (IGRP) was developed by the Cisco company. It is used to transfer routing information between routers.
IGRP is sent using IP datagrams with IP 9 (IGP). The packet begins with a header which starts immediately after the IP header.

 
Octets
Version
1
Opcode
1
Edition
1
ASystem
1
Ninterior
1
Nsystem
1
Nexterior
1
Checksum
1
IGRP header structure
1

Version
Protocol version number (currently 1).

Opcode
Operation code indicating the message type:
1   Update.
2   Request.

Edition
Serial number which is incremented whenever there is a change in the routing table. The edition number allows gateways to avoid processing updates containing information that they have already seen.

ASystem
Autonomous system number. A gateway can participate in more than one autonomous system where each system runs its own IGRP. For each autonomous system, there are completely separate routing tables. This field allows the gateway to select which set of routing tables to use.
Ninterior, Nsystem, Nexterior
Indicate the number of entries in each of these three sections of update messages. The first entries (Ninterior) are taken to be interior, the next entries (Nsystem) as being system, and the final entries (Nexterior) as exterior.

Checksum
IP checksum which is computed using the same checksum algorithm as a UDP checksum. The checksum is computed on the IGRP header and any routing information that follows it. The checksum field is set to zero when computing the checksum. The checksum does not include the IP header and there is no virtual header as in UDP and TCP.
An IGRP request asks the recipient to send its routing table. The request message has only a header. Only the Version, Opcode and ASystem fields are used; all other fields are zero.
An IGRP update message contains a header, immediately followed by routing entries. As many routing entries as possible are included to fit into a 1500-byte datagram (including the IP header). With current structure declarations, this allows up to 104 entries. If more entries are needed, several update messages are sent.

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT